authorAlexander Larsson <alexl@redhat.com>2010-03-09 12:23:49 +0100
committerAlexander Larsson <alexl@redhat.com>2010-03-11 12:13:59 +0100
commit440ac41cf1dc09a4dde43790f9f9d5a83bfb4a45 (patch)
treed0e479bc6f5eb6e100343e684630afa199694119 /common
parent22b551f97faf4a16dd030a4518cfb6afd151138f (diff)
New memory allocators that exit on OOM and handle multiplication overflow
Every place that does a regular malloc/calloc and aborts on failure should use spice_malloc/spice_malloc0 instead, which is leaner and cleaner. Allocations of dynamically sized arrays can use g_malloc_n or g_new etc which correctly handle multiplication overflow if some of the arguments are not trusted.
Diffstat (limited to 'common')
-rw-r--r--common/mem.c150
-rw-r--r--common/mem.h82
2 files changed, 232 insertions, 0 deletions
diff --git a/common/mem.c b/common/mem.c
new file mode 100644
index 0000000..ad0cccf
--- /dev/null
+++ b/common/mem.c
@@ -0,0 +1,150 @@
+/* -*- Mode: C; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ Copyright (C) 2010 Red Hat, Inc.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of
+ the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "mem.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#ifndef MALLOC_ERROR
+#define MALLOC_ERROR(format, ...) { \
+ printf(format "\n", ## __VA_ARGS__); \
+ abort(); \
+}
+#endif
+
+char *spice_strdup(const char *str)
+{
+ char *copy;
+
+ copy = (char *)spice_malloc(strlen(str) + 1);
+ strcpy(copy, str);
+ return copy;
+}
+
+void *spice_memdup(const void *mem, size_t n_bytes)
+{
+ void *copy;
+
+ copy = spice_malloc(n_bytes);
+ memcpy(copy, mem, n_bytes);
+ return copy;
+}
+
+void *spice_malloc(size_t n_bytes)
+{
+ void *mem;
+
+ if (SPICE_LIKELY(n_bytes)) {
+ mem = malloc(n_bytes);
+
+ if (SPICE_LIKELY(mem != NULL)) {
+ return mem;
+ }
+
+ MALLOC_ERROR("spice_malloc: panic: unable to allocate %lu bytes\n",
+ (unsigned long)n_bytes);
+ }
+ return NULL;
+}
+
+void *spice_malloc0(size_t n_bytes)
+{
+ void *mem;
+
+ if (SPICE_LIKELY(n_bytes)) {
+ mem = calloc(1, n_bytes);
+
+ if (SPICE_LIKELY(mem != NULL)) {
+ return mem;
+ }
+
+ MALLOC_ERROR("spice_malloc0: panic: unable to allocate %lu bytes\n",
+ (unsigned long)n_bytes);
+ }
+ return NULL;
+}
+
+void *spice_realloc(void *mem, size_t n_bytes)
+{
+ if (SPICE_LIKELY(n_bytes)) {
+ mem = realloc(mem, n_bytes);
+
+ if (SPICE_LIKELY(mem != NULL)) {
+ return mem;
+ }
+
+ MALLOC_ERROR("spice_realloc: panic: unable to allocate %lu bytes\n",
+ (unsigned long)n_bytes);
+ }
+
+ if (mem) {
+ free(mem);
+ }
+
+ return NULL;
+}
+
+#define SIZE_OVERFLOWS(a,b) (SPICE_UNLIKELY ((a) > SIZE_MAX / (b)))
+
+void *spice_malloc_n(size_t n_blocks, size_t n_block_bytes)
+{
+ if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
+ MALLOC_ERROR("spice_malloc_n: overflow allocating %lu*%lu bytes",
+ (unsigned long)n_blocks, (unsigned long)n_block_bytes);
+ }
+
+ return spice_malloc(n_blocks * n_block_bytes);
+}
+
+void *spice_malloc_n_m(size_t n_blocks, size_t n_block_bytes, size_t extra_size)
+{
+ size_t size1, size2;
+ if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
+ MALLOC_ERROR("spice_malloc_n: overflow allocating %lu*%lu + %lubytes",
+ (unsigned long)n_blocks, (unsigned long)n_block_bytes, (unsigned long)extra_size);
+ }
+ size1 = n_blocks * n_block_bytes;
+ size2 = size1 + extra_size;
+ if (size2 < size1) {
+ MALLOC_ERROR("spice_malloc_n: overflow allocating %lu*%lu + %lubytes",
+ (unsigned long)n_blocks, (unsigned long)n_block_bytes, (unsigned long)extra_size);
+ }
+ return spice_malloc(size2);
+}
+
+
+void *spice_malloc0_n(size_t n_blocks, size_t n_block_bytes)
+{
+ if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
+ MALLOC_ERROR("spice_malloc0_n: overflow allocating %lu*%lu bytes",
+ (unsigned long)n_blocks, (unsigned long)n_block_bytes);
+ }
+
+ return spice_malloc0 (n_blocks * n_block_bytes);
+}
+
+void *spice_realloc_n(void *mem, size_t n_blocks, size_t n_block_bytes)
+{
+ if (SIZE_OVERFLOWS (n_blocks, n_block_bytes)) {
+ MALLOC_ERROR("spice_realloc_n: overflow allocating %lu*%lu bytes",
+ (unsigned long)n_blocks, (unsigned long)n_block_bytes);
+ }
+
+ return spice_realloc(mem, n_blocks * n_block_bytes);
+}
diff --git a/common/mem.h b/common/mem.h
new file mode 100644
index 0000000..f5fab20
--- /dev/null
+++ b/common/mem.h
@@ -0,0 +1,82 @@
+/* -*- Mode: C; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ Copyright (C) 2010 Red Hat, Inc.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of
+ the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _H_MEM
+#define _H_MEM
+
+#include <stdlib.h>
+#include <spice/macros.h>
+
+char *spice_strdup(const char *str) SPICE_GNUC_MALLOC;
+void *spice_memdup(const void *mem, size_t n_bytes) SPICE_GNUC_MALLOC;
+void *spice_malloc(size_t n_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE(1);
+void *spice_malloc0(size_t n_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE(1);
+void *spice_realloc(void *mem, size_t n_bytes) SPICE_GNUC_WARN_UNUSED_RESULT;
+void *spice_malloc_n(size_t n_blocks, size_t n_block_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE2(1,2);
+void *spice_malloc_n_m(size_t n_blocks, size_t n_block_bytes, size_t extra_size) SPICE_GNUC_MALLOC;
+void *spice_malloc0_n(size_t n_blocks, size_t n_block_bytes) SPICE_GNUC_MALLOC SPICE_GNUC_ALLOC_SIZE2(1,2);
+void *spice_realloc_n(void *mem, size_t n_blocks, size_t n_block_bytes) SPICE_GNUC_WARN_UNUSED_RESULT;
+
+/* Optimise: avoid the call to the (slower) _n function if we can
+ * determine at compile-time that no overflow happens.
+ */
+#if defined (__GNUC__) && (__GNUC__ >= 2) && defined (__OPTIMIZE__)
+# define _SPICE_NEW(struct_type, n_structs, func) \
+ (struct_type *) (__extension__ ({ \
+ size_t __n = (size_t) (n_structs); \
+ size_t __s = sizeof (struct_type); \
+ void *__p; \
+ if (__s == 1) \
+ __p = spice_##func (__n); \
+ else if (__builtin_constant_p (__n) && \
+ __n <= SIZE_MAX / __s) \
+ __p = spice_##func (__n * __s); \
+ else \
+ __p = spice_##func##_n (__n, __s); \
+ __p; \
+ }))
+# define _SPICE_RENEW(struct_type, mem, n_structs, func) \
+ (struct_type *) (__extension__ ({ \
+ size_t __n = (size_t) (n_structs); \
+ size_t __s = sizeof (struct_type); \
+ void *__p = (void *) (mem); \
+ if (__s == 1) \
+ __p = spice_##func (__p, __n); \
+ else if (__builtin_constant_p (__n) && \
+ __n <= SIZE_MAX / __s) \
+ __p = spice_##func (__p, __n * __s); \
+ else \
+ __p = spice_##func##_n (__p, __n, __s); \
+ __p; \
+ }))
+#else
+
+/* Unoptimised version: always call the _n() function. */
+
+#define _SPICE_NEW(struct_type, n_structs, func) \
+ ((struct_type *) spice_##func##_n ((n_structs), sizeof (struct_type)))
+#define _SPICE_RENEW(struct_type, mem, n_structs, func) \
+ ((struct_type *) spice_##func##_n (mem, (n_structs), sizeof (struct_type)))
+
+#endif
+
+#define spice_new(struct_type, n_structs) _SPICE_NEW(struct_type, n_structs, malloc)
+#define spice_new0(struct_type, n_structs) _SPICE_NEW(struct_type, n_structs, malloc0)
+#define spice_renew(struct_type, mem, n_structs) _SPICE_RENEW(struct_type, mem, n_structs, realloc)
+
+#endif
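Review bot: The statement-expression versions of `_SPICE_NEW` and `_SPICE_RENEW` declare locals named `__n`, `__s` and `__p`, and the include guard is `_H_MEM`; identifiers beginning with a double underscore, or an underscore followed by an uppercase letter, are reserved for the implementation in C11 7.1.3 and can collide with compiler or libc macros, so renaming them along the lines of `spice_n_`, `spice_s_`, `spice_p_` and a `SPICE_MEM_H` guard avoids that. `SIZE_MAX` is used in the optimised branch but only `<stdlib.h>` and `<spice/macros.h>` are included; since this header is public, add `#include <stdint.h>` next to `<stdlib.h>` rather than relying on whatever spice/macros.h happens to pull in. In the unoptimised `_SPICE_RENEW`, `mem` is passed unparenthesised while `n_structs` is parenthesised; `(mem)` would be consistent with the optimised macro, which wraps it as `(void *) (mem)`.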